Class IamCredentialsClient (2.33.0)
Stay organized with collections
Save and categorize content based on your preferences.
- 2.78.0 (latest)
- 2.76.0
- 2.75.0
- 2.74.0
- 2.73.0
- 2.72.0
- 2.70.0
- 2.68.0
- 2.67.0
- 2.64.0
- 2.63.0
- 2.62.0
- 2.60.0
- 2.59.0
- 2.58.0
- 2.57.0
- 2.56.0
- 2.55.0
- 2.54.0
- 2.53.0
- 2.52.0
- 2.51.0
- 2.49.0
- 2.48.0
- 2.47.0
- 2.46.0
- 2.45.0
- 2.44.0
- 2.43.0
- 2.42.0
- 2.41.0
- 2.40.0
- 2.39.0
- 2.37.0
- 2.36.0
- 2.35.0
- 2.34.0
- 2.33.0
- 2.32.0
- 2.31.0
- 2.30.0
- 2.29.0
- 2.28.0
- 2.27.0
- 2.24.0
- 2.23.0
- 2.22.0
- 2.21.0
- 2.20.0
- 2.19.0
- 2.18.0
- 2.17.0
- 2.16.0
- 2.15.0
- 2.14.0
- 2.13.0
- 2.12.0
- 2.11.0
- 2.9.0
- 2.8.0
- 2.7.0
- 2.6.0
- 2.5.0
- 2.4.0
- 2.3.6
- 2.2.0
- 2.1.0
- 2.0.15
Service Description: A service account is a special type of Google account that belongs to your application or a virtual machine (VM), instead of to an individual end user. Your application assumes the identity of the service account to call Google APIs, so that the users aren't directly involved.
Service account credentials are used to temporarily assume the identity of the service account. Supported credential types include OAuth 2.0 access tokens, OpenID Connect ID tokens, self-signed JSON Web Tokens (JWTs), and more.
This class provides the ability to make remote calls to the backing service through method calls that map to API methods. Sample code to get started:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try(IamCredentialsClientiamCredentialsClient=IamCredentialsClient.create()){
ServiceAccountNamename=ServiceAccountName.of("[PROJECT]","[SERVICE_ACCOUNT]");
List<String>delegates=newArrayList<>();
List<String>scope=newArrayList<>();
Durationlifetime=Duration.newBuilder().build();
GenerateAccessTokenResponseresponse=
iamCredentialsClient.generateAccessToken(name,delegates,scope,lifetime);
}
Note: close() needs to be called on the IamCredentialsClient object to clean up resources such as threads. In the example above, try-with-resources is used, which automatically calls close().
| Method | Description | Method Variants |
|---|---|---|
| GenerateAccessToken | Generates an OAuth 2.0 access token for a service account. |
Request object method variants only take one parameter, a request object, which must be constructed before the call.
"Flattened" method variants have converted the fields of the request object into function parameters to enable multiple ways to call the same method.
Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service.
|
| GenerateIdToken | Generates an OpenID Connect ID token for a service account. |
Request object method variants only take one parameter, a request object, which must be constructed before the call.
"Flattened" method variants have converted the fields of the request object into function parameters to enable multiple ways to call the same method.
Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service.
|
| SignBlob | Signs a blob using a service account's system-managed private key. |
Request object method variants only take one parameter, a request object, which must be constructed before the call.
"Flattened" method variants have converted the fields of the request object into function parameters to enable multiple ways to call the same method.
Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service.
|
| SignJwt | Signs a JWT using a service account's system-managed private key. |
Request object method variants only take one parameter, a request object, which must be constructed before the call.
"Flattened" method variants have converted the fields of the request object into function parameters to enable multiple ways to call the same method.
Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service.
|
See the individual methods for example code.
Many parameters require resource names to be formatted in a particular way. To assist with these names, this class includes a format method for each type of name, and additionally a parse method to extract the individual identifiers contained within names that are returned.
This class can be customized by passing in a custom instance of IamCredentialsSettings to create(). For example:
To customize credentials:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
IamCredentialsSettingsiamCredentialsSettings=
IamCredentialsSettings.newBuilder()
.setCredentialsProvider(FixedCredentialsProvider.create(myCredentials))
.build();
IamCredentialsClientiamCredentialsClient=IamCredentialsClient.create(iamCredentialsSettings);
To customize the endpoint:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
IamCredentialsSettingsiamCredentialsSettings=
IamCredentialsSettings.newBuilder().setEndpoint(myEndpoint).build();
IamCredentialsClientiamCredentialsClient=IamCredentialsClient.create(iamCredentialsSettings);
To use REST (HTTP1.1/JSON) transport (instead of gRPC) for sending and receiving requests over the wire:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
IamCredentialsSettingsiamCredentialsSettings=
IamCredentialsSettings.newHttpJsonBuilder().build();
IamCredentialsClientiamCredentialsClient=IamCredentialsClient.create(iamCredentialsSettings);
Please refer to the GitHub repository's samples for more quickstart code snippets.
Static Methods
create()
publicstaticfinalIamCredentialsClientcreate()Constructs an instance of IamCredentialsClient with default settings.
| Returns | |
|---|---|
| Type | Description |
IamCredentialsClient |
|
| Exceptions | |
|---|---|
| Type | Description |
IOException |
|
create(IamCredentialsSettings settings)
publicstaticfinalIamCredentialsClientcreate(IamCredentialsSettingssettings)Constructs an instance of IamCredentialsClient, using the given settings. The channels are created based on the settings passed in, or defaults for any settings that are not set.
| Parameter | |
|---|---|
| Name | Description |
settings |
IamCredentialsSettings |
| Returns | |
|---|---|
| Type | Description |
IamCredentialsClient |
|
| Exceptions | |
|---|---|
| Type | Description |
IOException |
|
create(IamCredentialsStub stub)
publicstaticfinalIamCredentialsClientcreate(IamCredentialsStubstub)Constructs an instance of IamCredentialsClient, using the given stub for making calls. This is for advanced usage - prefer using create(IamCredentialsSettings).
| Parameter | |
|---|---|
| Name | Description |
stub |
IamCredentialsStub |
| Returns | |
|---|---|
| Type | Description |
IamCredentialsClient |
|
Constructors
IamCredentialsClient(IamCredentialsSettings settings)
protectedIamCredentialsClient(IamCredentialsSettingssettings)Constructs an instance of IamCredentialsClient, using the given settings. This is protected so that it is easy to make a subclass, but otherwise, the static factory methods should be preferred.
| Parameter | |
|---|---|
| Name | Description |
settings |
IamCredentialsSettings |
IamCredentialsClient(IamCredentialsStub stub)
protectedIamCredentialsClient(IamCredentialsStubstub)| Parameter | |
|---|---|
| Name | Description |
stub |
IamCredentialsStub |
Methods
awaitTermination(long duration, TimeUnit unit)
publicbooleanawaitTermination(longduration,TimeUnitunit)| Parameters | |
|---|---|
| Name | Description |
duration |
long |
unit |
TimeUnit |
| Returns | |
|---|---|
| Type | Description |
boolean |
|
| Exceptions | |
|---|---|
| Type | Description |
InterruptedException |
|
close()
publicfinalvoidclose()generateAccessToken(GenerateAccessTokenRequest request)
publicfinalGenerateAccessTokenResponsegenerateAccessToken(GenerateAccessTokenRequestrequest)Generates an OAuth 2.0 access token for a service account.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try(IamCredentialsClientiamCredentialsClient=IamCredentialsClient.create()){
GenerateAccessTokenRequestrequest=
GenerateAccessTokenRequest.newBuilder()
.setName(ServiceAccountName.of("[PROJECT]","[SERVICE_ACCOUNT]").toString())
.addAllDelegates(newArrayList<String>())
.addAllScope(newArrayList<String>())
.setLifetime(Duration.newBuilder().build())
.build();
GenerateAccessTokenResponseresponse=iamCredentialsClient.generateAccessToken(request);
}
| Parameter | |
|---|---|
| Name | Description |
request |
GenerateAccessTokenRequest The request object containing all of the parameters for the API call. |
| Returns | |
|---|---|
| Type | Description |
GenerateAccessTokenResponse |
|
generateAccessToken(ServiceAccountName name, List<String> delegates, List<String> scope, Duration lifetime)
publicfinalGenerateAccessTokenResponsegenerateAccessToken(ServiceAccountNamename,List<String>delegates,List<String>scope,Durationlifetime)Generates an OAuth 2.0 access token for a service account.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try(IamCredentialsClientiamCredentialsClient=IamCredentialsClient.create()){
ServiceAccountNamename=ServiceAccountName.of("[PROJECT]","[SERVICE_ACCOUNT]");
List<String>delegates=newArrayList<>();
List<String>scope=newArrayList<>();
Durationlifetime=Duration.newBuilder().build();
GenerateAccessTokenResponseresponse=
iamCredentialsClient.generateAccessToken(name,delegates,scope,lifetime);
}
| Parameters | |
|---|---|
| Name | Description |
name |
ServiceAccountName Required. The resource name of the service account for which the credentials are
requested, in the following format:
|
delegates |
List<String>The sequence of service accounts in a delegation chain. Each service account
must be granted the The delegates must have the following format:
|
scope |
List<String>Required. Code to identify the scopes to be included in the OAuth 2.0 access token. See https://developers.google.com/identity/protocols/googlescopes for more information. At least one value required. |
lifetime |
Duration The desired lifetime duration of the access token in seconds. Must be set to a value less than or equal to 3600 (1 hour). If a value is not specified, the token's lifetime will be set to a default value of one hour. |
| Returns | |
|---|---|
| Type | Description |
GenerateAccessTokenResponse |
|
generateAccessToken(String name, List<String> delegates, List<String> scope, Duration lifetime)
publicfinalGenerateAccessTokenResponsegenerateAccessToken(Stringname,List<String>delegates,List<String>scope,Durationlifetime)Generates an OAuth 2.0 access token for a service account.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try(IamCredentialsClientiamCredentialsClient=IamCredentialsClient.create()){
Stringname=ServiceAccountName.of("[PROJECT]","[SERVICE_ACCOUNT]").toString();
List<String>delegates=newArrayList<>();
List<String>scope=newArrayList<>();
Durationlifetime=Duration.newBuilder().build();
GenerateAccessTokenResponseresponse=
iamCredentialsClient.generateAccessToken(name,delegates,scope,lifetime);
}
| Parameters | |
|---|---|
| Name | Description |
name |
String Required. The resource name of the service account for which the credentials are
requested, in the following format:
|
delegates |
List<String>The sequence of service accounts in a delegation chain. Each service account
must be granted the The delegates must have the following format:
|
scope |
List<String>Required. Code to identify the scopes to be included in the OAuth 2.0 access token. See https://developers.google.com/identity/protocols/googlescopes for more information. At least one value required. |
lifetime |
Duration The desired lifetime duration of the access token in seconds. Must be set to a value less than or equal to 3600 (1 hour). If a value is not specified, the token's lifetime will be set to a default value of one hour. |
| Returns | |
|---|---|
| Type | Description |
GenerateAccessTokenResponse |
|
generateAccessTokenCallable()
publicfinalUnaryCallable<GenerateAccessTokenRequest,GenerateAccessTokenResponse>generateAccessTokenCallable()Generates an OAuth 2.0 access token for a service account.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try(IamCredentialsClientiamCredentialsClient=IamCredentialsClient.create()){
GenerateAccessTokenRequestrequest=
GenerateAccessTokenRequest.newBuilder()
.setName(ServiceAccountName.of("[PROJECT]","[SERVICE_ACCOUNT]").toString())
.addAllDelegates(newArrayList<String>())
.addAllScope(newArrayList<String>())
.setLifetime(Duration.newBuilder().build())
.build();
ApiFuture<GenerateAccessTokenResponse>future=
iamCredentialsClient.generateAccessTokenCallable().futureCall(request);
// Do something.
GenerateAccessTokenResponseresponse=future.get();
}
| Returns | |
|---|---|
| Type | Description |
UnaryCallable<GenerateAccessTokenRequest,GenerateAccessTokenResponse> |
|
generateIdToken(GenerateIdTokenRequest request)
publicfinalGenerateIdTokenResponsegenerateIdToken(GenerateIdTokenRequestrequest)Generates an OpenID Connect ID token for a service account.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try(IamCredentialsClientiamCredentialsClient=IamCredentialsClient.create()){
GenerateIdTokenRequestrequest=
GenerateIdTokenRequest.newBuilder()
.setName(ServiceAccountName.of("[PROJECT]","[SERVICE_ACCOUNT]").toString())
.addAllDelegates(newArrayList<String>())
.setAudience("audience975628804")
.setIncludeEmail(true)
.build();
GenerateIdTokenResponseresponse=iamCredentialsClient.generateIdToken(request);
}
| Parameter | |
|---|---|
| Name | Description |
request |
GenerateIdTokenRequest The request object containing all of the parameters for the API call. |
| Returns | |
|---|---|
| Type | Description |
GenerateIdTokenResponse |
|
generateIdToken(ServiceAccountName name, List<String> delegates, String audience, boolean includeEmail)
publicfinalGenerateIdTokenResponsegenerateIdToken(ServiceAccountNamename,List<String>delegates,Stringaudience,booleanincludeEmail)Generates an OpenID Connect ID token for a service account.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try(IamCredentialsClientiamCredentialsClient=IamCredentialsClient.create()){
ServiceAccountNamename=ServiceAccountName.of("[PROJECT]","[SERVICE_ACCOUNT]");
List<String>delegates=newArrayList<>();
Stringaudience="audience975628804";
booleanincludeEmail=true;
GenerateIdTokenResponseresponse=
iamCredentialsClient.generateIdToken(name,delegates,audience,includeEmail);
}
| Parameters | |
|---|---|
| Name | Description |
name |
ServiceAccountName Required. The resource name of the service account for which the credentials are
requested, in the following format:
|
delegates |
List<String>The sequence of service accounts in a delegation chain. Each service account
must be granted the The delegates must have the following format:
|
audience |
String Required. The audience for the token, such as the API or account that this token grants access to. |
includeEmail |
boolean Include the service account email in the token. If set to |
| Returns | |
|---|---|
| Type | Description |
GenerateIdTokenResponse |
|
generateIdToken(String name, List<String> delegates, String audience, boolean includeEmail)
publicfinalGenerateIdTokenResponsegenerateIdToken(Stringname,List<String>delegates,Stringaudience,booleanincludeEmail)Generates an OpenID Connect ID token for a service account.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try(IamCredentialsClientiamCredentialsClient=IamCredentialsClient.create()){
Stringname=ServiceAccountName.of("[PROJECT]","[SERVICE_ACCOUNT]").toString();
List<String>delegates=newArrayList<>();
Stringaudience="audience975628804";
booleanincludeEmail=true;
GenerateIdTokenResponseresponse=
iamCredentialsClient.generateIdToken(name,delegates,audience,includeEmail);
}
| Parameters | |
|---|---|
| Name | Description |
name |
String Required. The resource name of the service account for which the credentials are
requested, in the following format:
|
delegates |
List<String>The sequence of service accounts in a delegation chain. Each service account
must be granted the The delegates must have the following format:
|
audience |
String Required. The audience for the token, such as the API or account that this token grants access to. |
includeEmail |
boolean Include the service account email in the token. If set to |
| Returns | |
|---|---|
| Type | Description |
GenerateIdTokenResponse |
|
generateIdTokenCallable()
publicfinalUnaryCallable<GenerateIdTokenRequest,GenerateIdTokenResponse>generateIdTokenCallable()Generates an OpenID Connect ID token for a service account.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try(IamCredentialsClientiamCredentialsClient=IamCredentialsClient.create()){
GenerateIdTokenRequestrequest=
GenerateIdTokenRequest.newBuilder()
.setName(ServiceAccountName.of("[PROJECT]","[SERVICE_ACCOUNT]").toString())
.addAllDelegates(newArrayList<String>())
.setAudience("audience975628804")
.setIncludeEmail(true)
.build();
ApiFuture<GenerateIdTokenResponse>future=
iamCredentialsClient.generateIdTokenCallable().futureCall(request);
// Do something.
GenerateIdTokenResponseresponse=future.get();
}
| Returns | |
|---|---|
| Type | Description |
UnaryCallable<GenerateIdTokenRequest,GenerateIdTokenResponse> |
|
getSettings()
publicfinalIamCredentialsSettingsgetSettings()| Returns | |
|---|---|
| Type | Description |
IamCredentialsSettings |
|
getStub()
publicIamCredentialsStubgetStub()| Returns | |
|---|---|
| Type | Description |
IamCredentialsStub |
|
isShutdown()
publicbooleanisShutdown()| Returns | |
|---|---|
| Type | Description |
boolean |
|
isTerminated()
publicbooleanisTerminated()| Returns | |
|---|---|
| Type | Description |
boolean |
|
shutdown()
publicvoidshutdown()shutdownNow()
publicvoidshutdownNow()signBlob(ServiceAccountName name, List<String> delegates, ByteString payload)
publicfinalSignBlobResponsesignBlob(ServiceAccountNamename,List<String>delegates,ByteStringpayload)Signs a blob using a service account's system-managed private key.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try(IamCredentialsClientiamCredentialsClient=IamCredentialsClient.create()){
ServiceAccountNamename=ServiceAccountName.of("[PROJECT]","[SERVICE_ACCOUNT]");
List<String>delegates=newArrayList<>();
ByteStringpayload=ByteString.EMPTY;
SignBlobResponseresponse=iamCredentialsClient.signBlob(name,delegates,payload);
}
| Parameters | |
|---|---|
| Name | Description |
name |
ServiceAccountName Required. The resource name of the service account for which the credentials are
requested, in the following format:
|
delegates |
List<String>The sequence of service accounts in a delegation chain. Each service account
must be granted the The delegates must have the following format:
|
payload |
ByteString Required. The bytes to sign. |
| Returns | |
|---|---|
| Type | Description |
SignBlobResponse |
|
signBlob(SignBlobRequest request)
publicfinalSignBlobResponsesignBlob(SignBlobRequestrequest)Signs a blob using a service account's system-managed private key.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try(IamCredentialsClientiamCredentialsClient=IamCredentialsClient.create()){
SignBlobRequestrequest=
SignBlobRequest.newBuilder()
.setName(ServiceAccountName.of("[PROJECT]","[SERVICE_ACCOUNT]").toString())
.addAllDelegates(newArrayList<String>())
.setPayload(ByteString.EMPTY)
.build();
SignBlobResponseresponse=iamCredentialsClient.signBlob(request);
}
| Parameter | |
|---|---|
| Name | Description |
request |
SignBlobRequest The request object containing all of the parameters for the API call. |
| Returns | |
|---|---|
| Type | Description |
SignBlobResponse |
|
signBlob(String name, List<String> delegates, ByteString payload)
publicfinalSignBlobResponsesignBlob(Stringname,List<String>delegates,ByteStringpayload)Signs a blob using a service account's system-managed private key.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try(IamCredentialsClientiamCredentialsClient=IamCredentialsClient.create()){
Stringname=ServiceAccountName.of("[PROJECT]","[SERVICE_ACCOUNT]").toString();
List<String>delegates=newArrayList<>();
ByteStringpayload=ByteString.EMPTY;
SignBlobResponseresponse=iamCredentialsClient.signBlob(name,delegates,payload);
}
| Parameters | |
|---|---|
| Name | Description |
name |
String Required. The resource name of the service account for which the credentials are
requested, in the following format:
|
delegates |
List<String>The sequence of service accounts in a delegation chain. Each service account
must be granted the The delegates must have the following format:
|
payload |
ByteString Required. The bytes to sign. |
| Returns | |
|---|---|
| Type | Description |
SignBlobResponse |
|
signBlobCallable()
publicfinalUnaryCallable<SignBlobRequest,SignBlobResponse>signBlobCallable()Signs a blob using a service account's system-managed private key.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try(IamCredentialsClientiamCredentialsClient=IamCredentialsClient.create()){
SignBlobRequestrequest=
SignBlobRequest.newBuilder()
.setName(ServiceAccountName.of("[PROJECT]","[SERVICE_ACCOUNT]").toString())
.addAllDelegates(newArrayList<String>())
.setPayload(ByteString.EMPTY)
.build();
ApiFuture<SignBlobResponse>future=
iamCredentialsClient.signBlobCallable().futureCall(request);
// Do something.
SignBlobResponseresponse=future.get();
}
| Returns | |
|---|---|
| Type | Description |
UnaryCallable<SignBlobRequest,SignBlobResponse> |
|
signJwt(ServiceAccountName name, List<String> delegates, String payload)
publicfinalSignJwtResponsesignJwt(ServiceAccountNamename,List<String>delegates,Stringpayload)Signs a JWT using a service account's system-managed private key.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try(IamCredentialsClientiamCredentialsClient=IamCredentialsClient.create()){
ServiceAccountNamename=ServiceAccountName.of("[PROJECT]","[SERVICE_ACCOUNT]");
List<String>delegates=newArrayList<>();
Stringpayload="payload-786701938";
SignJwtResponseresponse=iamCredentialsClient.signJwt(name,delegates,payload);
}
| Parameters | |
|---|---|
| Name | Description |
name |
ServiceAccountName Required. The resource name of the service account for which the credentials are
requested, in the following format:
|
delegates |
List<String>The sequence of service accounts in a delegation chain. Each service account
must be granted the The delegates must have the following format:
|
payload |
String Required. The JWT payload to sign: a JSON object that contains a JWT Claims Set. |
| Returns | |
|---|---|
| Type | Description |
SignJwtResponse |
|
signJwt(SignJwtRequest request)
publicfinalSignJwtResponsesignJwt(SignJwtRequestrequest)Signs a JWT using a service account's system-managed private key.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try(IamCredentialsClientiamCredentialsClient=IamCredentialsClient.create()){
SignJwtRequestrequest=
SignJwtRequest.newBuilder()
.setName(ServiceAccountName.of("[PROJECT]","[SERVICE_ACCOUNT]").toString())
.addAllDelegates(newArrayList<String>())
.setPayload("payload-786701938")
.build();
SignJwtResponseresponse=iamCredentialsClient.signJwt(request);
}
| Parameter | |
|---|---|
| Name | Description |
request |
SignJwtRequest The request object containing all of the parameters for the API call. |
| Returns | |
|---|---|
| Type | Description |
SignJwtResponse |
|
signJwt(String name, List<String> delegates, String payload)
publicfinalSignJwtResponsesignJwt(Stringname,List<String>delegates,Stringpayload)Signs a JWT using a service account's system-managed private key.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try(IamCredentialsClientiamCredentialsClient=IamCredentialsClient.create()){
Stringname=ServiceAccountName.of("[PROJECT]","[SERVICE_ACCOUNT]").toString();
List<String>delegates=newArrayList<>();
Stringpayload="payload-786701938";
SignJwtResponseresponse=iamCredentialsClient.signJwt(name,delegates,payload);
}
| Parameters | |
|---|---|
| Name | Description |
name |
String Required. The resource name of the service account for which the credentials are
requested, in the following format:
|
delegates |
List<String>The sequence of service accounts in a delegation chain. Each service account
must be granted the The delegates must have the following format:
|
payload |
String Required. The JWT payload to sign: a JSON object that contains a JWT Claims Set. |
| Returns | |
|---|---|
| Type | Description |
SignJwtResponse |
|
signJwtCallable()
publicfinalUnaryCallable<SignJwtRequest,SignJwtResponse>signJwtCallable()Signs a JWT using a service account's system-managed private key.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try(IamCredentialsClientiamCredentialsClient=IamCredentialsClient.create()){
SignJwtRequestrequest=
SignJwtRequest.newBuilder()
.setName(ServiceAccountName.of("[PROJECT]","[SERVICE_ACCOUNT]").toString())
.addAllDelegates(newArrayList<String>())
.setPayload("payload-786701938")
.build();
ApiFuture<SignJwtResponse>future=
iamCredentialsClient.signJwtCallable().futureCall(request);
// Do something.
SignJwtResponseresponse=future.get();
}
| Returns | |
|---|---|
| Type | Description |
UnaryCallable<SignJwtRequest,SignJwtResponse> |
|